Merge pull request #117 from NHSDigital/release/2024-01-02
Release/2024-01-02
jaklinger authored Jan 4, 2024
2 parents 1a2e9f2 + a551af4 commit bead9a9
Showing 91 changed files with 1,180 additions and 304 deletions.
13 changes: 8 additions & 5 deletions .github/actions/terraform/action.yml
@@ -4,13 +4,16 @@ inputs:
command:
description: "Terraform command to run"
required: true
account:
description: "AWS account name"
required: true
workspace:
description: "Terraform workspace name"
required: true
account-wide:
description: "If account-wide then specify 'account_wide'"
required: false
default: "non_account_wide"
scope:
description: "Terraform scope"
required: true
default: "per_workspace"
cache-suffix:
description: "[Optional] Cache suffix (e.g. 'base')"
required: false
@@ -32,7 +35,7 @@ runs:
steps:
- uses: ./.github/actions/make/
with:
command: terraform--${{ inputs.command }} TERRAFORM_WORKSPACE="${{ inputs.workspace }}" ACCOUNT_WIDE="${{ inputs.account-wide }}" PARAMETER_DEPLOY="${{ inputs.parameter-deploy }}"
command: terraform--${{ inputs.command }} AWS_ACCOUNT="${{ inputs.account }}" TERRAFORM_WORKSPACE="${{ inputs.workspace }}" TERRAFORM_SCOPE="${{ inputs.scope }}"
requires-aws: true
restore-from-cache: ${{ inputs.restore-from-cache }}
save-to-cache: ${{ inputs.save-to-cache }}
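Review bot: The rewritten `command:` line splices `inputs.account`, `inputs.workspace` and `inputs.scope` into a command string through `${{ }}` expansion, so the values are substituted as text before anything downstream parses the string, and the double quotes around them give no protection if a value itself contains a quote or `$(`. How `./.github/actions/make/` executes `command` is not visible here; if it ends up in a `run:` script, it would be safer to hand the three values over as `env:` entries and read them as shell variables, or to reject anything outside `[A-Za-z0-9_/-]` before the call. Separately, the new `scope` input is declared `required: true` and also given `default: "per_workspace"`; one of the two should go, e.g. `required: false`, so the contract is unambiguous.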
46 changes: 26 additions & 20 deletions .github/workflows/_deploy.yml
@@ -1,30 +1,29 @@
on:
workflow_call:
inputs:
workspace:
required: true
default: dev
account:
description: The AWS account being deployed
type: string
parameter-deploy:
required: false
required: true
workspace:
description: The Terraform workspace being deployed
type: string
default: ""
account-wide:
required: false
required: true
scope:
description: The Terraform scope being deployed
type: string
default: "non_account_wide"
required: true

permissions:
id-token: write
contents: read
actions: write

env:
RUNNING_IN_CI: 1
ACCOUNT: ${{ inputs.account }}
WORKSPACE: ${{ inputs.workspace }}
CACHE_NAME: ${{ inputs.workspace }}-cache
PARAMETER_DEPLOY: ${{ inputs.parameter-deploy }}
ACCOUNT_WIDE: ${{ inputs.account-wide }}
CACHE_NAME: ${{ inputs.workspace }}-${{ inputs.account }}-${{ inputs.scope }}
SCOPE: ${{ inputs.scope }}
# SLACK_WEBHOOK_URL: ${{ secrets.DEPLOY_ENV_SLACK_HOOK_URL }}
CI_ROLE_NAME: ${{ secrets.CI_ROLE_NAME }}

@@ -61,6 +60,7 @@ jobs:
command: build
save-to-cache: "true"
restore-from-cache: "false"
cache-suffix: ${{ env.CACHE_NAME }}

helpers--truststore-pull:
needs: [get-branch-from-workflow-file, build]
@@ -83,11 +83,12 @@ jobs:
- uses: ./.github/actions/terraform/
with:
command: init
account: ${{ env.ACCOUNT }}
workspace: ${{ env.WORKSPACE }}
account-wide: ${{ env.ACCOUNT_WIDE }}
parameter-deploy: ${{ env.PARAMETER_DEPLOY }}
scope: ${{ env.SCOPE }}
restore-from-cache: "true"
save-to-cache: "true"
cache-suffix: ${{ env.CACHE_NAME }}

terraform--plan:
needs: [get-branch-from-workflow-file, terraform--init]
@@ -99,11 +100,12 @@ jobs:
- uses: ./.github/actions/terraform/
with:
command: plan
account: ${{ env.ACCOUNT }}
workspace: ${{ env.WORKSPACE }}
account-wide: ${{ env.ACCOUNT_WIDE }}
parameter-deploy: ${{ env.PARAMETER_DEPLOY }}
scope: ${{ env.SCOPE }}
restore-from-cache: "true"
save-to-cache: "true"
cache-suffix: ${{ env.CACHE_NAME }}

terraform--apply:
needs: [get-branch-from-workflow-file, terraform--plan]
@@ -115,11 +117,12 @@ jobs:
- uses: ./.github/actions/terraform/
with:
command: apply
account: ${{ env.ACCOUNT }}
workspace: ${{ env.WORKSPACE }}
account-wide: ${{ env.ACCOUNT_WIDE }}
parameter-deploy: ${{ env.PARAMETER_DEPLOY }}
scope: ${{ env.SCOPE }}
restore-from-cache: "true"
save-to-cache: "true"
cache-suffix: ${{ env.CACHE_NAME }}

test--smoke:
needs: [get-branch-from-workflow-file, terraform--apply]
@@ -146,7 +149,7 @@ jobs:
message-slack:
name: Notify slack of deployment
needs: [get-branch-from-workflow-file, set-success]
if: ${{ always() }}
if: always()
runs-on: [self-hosted, ci]

steps:
@@ -156,7 +159,10 @@ jobs:
with:
payload: |
{
"account": "${{ env.ACCOUNT }}",
"environment": "${{ env.WORKSPACE }}",
"result": "${{ needs.set-success.outputs.success && needs.set-success.outputs.success || 'failed' }}",
"branch": "${{ needs.get-branch-from-workflow-file.outputs.branch_name }}"
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.DEPLOY_ENV_SLACK_HOOK_URL }}
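Review bot: The three `workflow_call` inputs declared at the top (`account`, `workspace`, `scope`) are unconstrained strings and nothing in the visible jobs checks that they agree with each other, so a caller could pass `account: dev` together with `scope: per_account/prod` and the mismatch would reach `terraform--apply`, which runs under the workflow-level `id-token: write` permission. A small gate job that the terraform jobs list in `needs:` would fail early; it can read `$ACCOUNT` and `$SCOPE` from the workflow-level `env:` so no expression is expanded inside the script. The account names in the sketch are taken from the caller workflows in this commit and should be confirmed. Note also that `CACHE_NAME` now contains `inputs.scope`, which holds `/` for the per-account scopes; whether the cache step accepts that in a suffix is not visible here.

```yaml
  validate-inputs:
    runs-on: [self-hosted, ci]
    steps:
      - name: Check that account and scope are known and consistent
        run: |
          case "$ACCOUNT" in
            dev|qa|int|ref|prod) ;;
            *) echo "unexpected account" >&2; exit 1 ;;
          esac
          case "$SCOPE" in
            per_workspace|"per_account/$ACCOUNT"|"per_account/$ACCOUNT/parameters") ;;
            *) echo "scope does not match account" >&2; exit 1 ;;
          esac
  # … unchanged: build, terraform--init/plan/apply (add validate-inputs to needs) …
```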
5 changes: 3 additions & 2 deletions .github/workflows/deploy-account-wide-resources-prod.yml
@@ -1,4 +1,4 @@
name: "Deploy: Account Wide Resources - Production"
name: "Deploy: Account Wide - Production"

on:
workflow_dispatch:
@@ -7,6 +7,7 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
account: prod
workspace: prod
account-wide: account_wide
scope: per_account/prod
secrets: inherit # pragma: allowlist secret
14 changes: 8 additions & 6 deletions .github/workflows/deploy-account-wide-resources.yml
@@ -1,21 +1,23 @@
name: "Deploy: Account Wide Resources - Nonprod"
name: "Deploy: Account Wide - Nonprod"

on:
workflow_dispatch:
inputs:
workspace:
description: Account to deploy to
account:
description: Account to deploy
required: true
default: dev
type: choice
options:
- dev
- ref
- qa
- int
- ref
jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
workspace: ${{ inputs.workspace }}
account-wide: account_wide
account: ${{ inputs.account }}
workspace: ${{ inputs.account }}
scope: "per_account/${{ inputs.account }}"
secrets: inherit # pragma: allowlist secret
19 changes: 11 additions & 8 deletions .github/workflows/deploy-nonprod-workspace.yml
@@ -3,23 +3,26 @@ name: "Deploy: Workspace - Nonprod"
on:
workflow_dispatch:
inputs:
workspace:
description: Workspace to deploy to
account:
description: Account to deploy
required: true
default: dev
type: choice
options:
- dev
- dev-sandbox
- ref
- ref-sandbox
- qa
- int
- int-sandbox
- ref
sandbox:
description: Do you want to deploy the sandbox version?
type: boolean
default: false

jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
workspace: ${{ inputs.workspace }}
account-wide: non_account_wide
account: ${{ inputs.account }}
workspace: ${{ inputs.account }}${{ inputs.sandbox == true && '-sandbox' || '' }}
scope: "per_workspace"
secrets: inherit # pragma: allowlist secret
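Review bot: Combining the `account` choice with the new `sandbox` boolean makes `qa-sandbox` selectable, while what appears to be the previous option list in this hunk offered only `dev-sandbox`, `ref-sandbox` and `int-sandbox`. If no qa sandbox is meant to exist, guard the job, for example `if: ${{ !(inputs.account == 'qa' && inputs.sandbox) }}`; if it is intended, a short comment above `sandbox:` saying that every non-prod account has a sandbox workspace would record it. Which of the two applies cannot be told from this page.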
13 changes: 7 additions & 6 deletions .github/workflows/deploy-parameters-nonprod.yml
@@ -3,21 +3,22 @@ name: "Deploy: Parameters - Nonprod"
on:
workflow_dispatch:
inputs:
workspace:
description: Workspace to deploy to
account:
description: Account to deploy
required: true
default: dev
type: choice
options:
- dev
- ref
- qa
- int
- ref

jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
workspace: ${{ inputs.workspace }}
parameter-deploy: "parameter_deploy"
account-wide: "account_wide"
account: ${{ inputs.account }}
workspace: ${{ inputs.account }}
scope: "per_account/${{ inputs.account }}/parameters"
secrets: inherit # pragma: allowlist secret
4 changes: 2 additions & 2 deletions .github/workflows/deploy-parameters-prod.yml
@@ -7,7 +7,7 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
account: prod
workspace: prod
parameter-deploy: "parameter_deploy"
account-wide: "account_wide"
scope: per_account/prod/parameters
secrets: inherit # pragma: allowlist secret
3 changes: 2 additions & 1 deletion .github/workflows/deploy-prod-workspace.yml
@@ -7,6 +7,7 @@ jobs:
deploy:
uses: ./.github/workflows/_deploy.yml
with:
account: prod
workspace: prod
account-wide: non_account_wide
scope: per_workspace
secrets: inherit # pragma: allowlist secret
1 change: 0 additions & 1 deletion .github/workflows/destroy-expired-workspaces.yml
@@ -14,7 +14,6 @@ env:
AWS_DEFAULT_REGION: eu-west-2
TF_CLI_ARGS: -no-color
CI_ROLE_NAME: ${{ secrets.CI_ROLE_NAME }}
RUNNING_IN_CI: 1
BRANCH_NAME: ${{ github.ref_name }}

jobs:
3 changes: 1 addition & 2 deletions .github/workflows/pull-requests.yml
@@ -12,7 +12,6 @@ env:
BASE_BRANCH_NAME: ${{ github.event.pull_request.base.ref }}
BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
CI_ROLE_NAME: ${{ secrets.CI_ROLE_NAME }}
RUNNING_IN_CI: 1
BRANCH_GITHUB_SHA_SHORT: $(echo ${{ github.event.pull_request.head.sha }} | cut -c 1-7)
TF_CLI_ARGS: -no-color

@@ -136,7 +135,7 @@ jobs:
steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.BASE_BRANCH_NAME }}
ref: ${{ env.BRANCH_NAME }} # ${{ env.BASE_BRANCH_NAME }}
- uses: ./.github/actions/terraform/
with:
command: plan
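Review bot: What appears to be the new checkout line, `ref: ${{ env.BRANCH_NAME }} # ${{ env.BASE_BRANCH_NAME }}`, makes this job run `./.github/actions/terraform/` from the pull request's head branch rather than the base branch, so the action definition under review, and whatever it invokes, is what executes with the AWS access the action requests (`requires-aws: true` in action.yml). The workflow trigger and the job header are outside the hunk, so whether untrusted contributors can reach this path is not visible; if they can, the plan should keep running from the base ref. In either case a branch name is a moving target, so `ref: ${{ github.event.pull_request.head.sha }}` would tie the plan to the commit that was reviewed. The old expression left in the trailing comment should be replaced by a sentence saying why the head is checked out.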
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,9 @@
# Changelog

## 2024-01-02
- [PI-129] Postman collection from local tests
- [PI-165] AWS environments

## 2023-12-20
- [PI-166] Versioning

2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
2023.12.20
2024.01.02
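--- a/changelog/2024-01-02.md
+++ b/changelog/2024-01-02.md
@@ -0,0 +1,2 @@
+- [PI-129] Postman collection from local tests
+- [PI-165] AWS environments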